The risks associated with cybercrime grow day by day (Ali 1). Cyber criminals transcend the boundaries of traditional crime by using computers, mobile phones, and other networked devices to commit their attacks. The three most common cyber-attacks are malware, phishing, and DDoS.
Malware is a broad term, but it is typically defined as software created to damage, disrupt or rupture access to a computer system or network (Franklin 2). The most common forms of this malicious software include viruses and ransomware, which are specifically designed to penetrate a network through a weakness or flaw. One of the most prominent malware attacks on the banking industry followed the development of a new virus called Trojan-Banker.Win32/64.Neverquest (Neverquest for short) (Caulderwood 1). Trojan viruses are a type of malware that appears benign to unsuspecting users. When downloaded onto a computer, either remotely or through a link, the virus modifies the contents of the user's web browser (e.g., Chrome, Firefox, Edge), making it seem like the user must re-input their login information for recent websites. Instead, these usernames and passwords are sent to hackers, who then use virtual network computing to gain access to the user's account remotely. “This gives malicious users the chance to not only transfer cash funds to their own accounts, but also to play the stock market using the accounts and money of Neverquest victims,” wrote Sergey Golovanov, researcher at Kaspersky Lab, a Russian computer security company (2).
Phishing is another method used to infiltrate financial institutions, and can be defined as sending fraudulent messages posing as a reputable source in order to convince recipients to disclose sensitive information, including bank account numbers and routing numbers (Padmaavaathy 4). This cyber attack typically takes the form of an email, shepherding unknowing victims to a website where they are asked to update personal information, whether it's banking information, a social security number, or a password. These details are then used by the perpetrator to commit identity theft. Emails of this nature are usually sent to large groups of people to increase a hacker’s odds of success.
The last commonly used method is the Distributed Denial of Service attack, or DDoS for short. DDoS attacks are a complex variation of regular denial of service attacks, which consist of flooding a network (usually a router or communication server) with spam or other useless traffic (Padmaavaathy 3). This effectively prevents a user from utilizing a service that they are entitled to access or administer. DDoS attacks complicate this type of attack by sending these stale requests from multiple remote locations, thus making it almost impossible to track the source of the attack. What makes DDoS attacks unique is that they do not attempt to breach the electronic security perimeter of a business or individual. Rather, they deny legitimate users entrance to a website or server. These types of attacks can come in varying lengths and can affect a server for several weeks. Experts in the field suggest that DDoS attacks can also be used as a distraction for other malicious activities when affecting online traffic.
To combat this sort of crime, banks must invest in an adaptable set of systems, and in people to run them. Joe Nocera, cybersecurity and privacy financial services industry leader, states, “The coordination and information sharing that we have seen around threat intelligence, sector wide incident readiness and systemic resiliency are all leading practices that other industries could model” (Labbe 3). In other words, coordination among a broad scope of financial institutions is the first step in stopping such crimes.
Summary: